CGF Articles & Editorials


By Terrance M. Booysen (CEO: CGF Research Institute) and reviewed by Dr Claudelle von Eck (CEO: Institute of Internal Auditors, South Africa)

New standards, guidelines, codes and laws are being regularly implemented to update and improve the international regulatory environment in which businesses operate.  In many instances, these ‘governance instruments’ are implemented in response to the myriad leadership challenges which are being experienced on a global basis.

In spite of the measures being adopted to improve the governance position of organisations, there are still numerous examples in the private and public sector of organisations being caught out in corruption scandals, inaccurate reporting, financial misstatements and similar indiscretions which cause a great deal of instability within business and society, often resulting in the demise of the organisation.

With disgraced organisations such as KPMG, Mckinsey, SAP, Software AG, Trillian, Eskom and most recently Steinhoff; there is no doubt that boards of directors are in the main, being placed under increasing pressure to thoroughly understand the organisation’s financial and non-financial related risks.  Moreover, directors must be equipped with the correct knowledge and necessary information to be able to understand the business risks and be able to interrogate and oversee the measures taken to mitigate these risks which have the potential to harm the business.  With this in mind, it is hardly surprising that boards will require a more proactive approach toward managing the risks associated with their business, albeit the existing and future potential risks.

“Changes in today’s business environment and the associated risks are only accelerating. Internal auditing requires commitment and a framework of clearly articulated principles, leading-practice standards, and timely guidance that not only acknowledge but also anticipate these changes.”

Institute of Internal Auditors of South Africa (2017)

Trying to achieve this feat, especially for boards that are dysfunctional or those that operate at a distance from its executive management, is nearly impossible.  It is becoming more evident that the role of the Chief Audit Executive (CAE), including members of the internal audit team, will become more critical in making this task easier for boards to achieve.

Strengthening the board’s risk profile and decision-making

Mature boards are realising the value of including the experience of CAEs and internal audit within their risk assessment and mitigation processes.  In these organisations the internal audit profession is being leveraged to maximise their risk-based knowledge, experience and skills to benefit the board’s risk-based decision making for the overall sustainability of the organisation.

Given that organisations and their board of directors are expected to comply with due care and the highest of ethical and professional standards, they are duty bound to ensure that the organisation and executive leadership complies with all applicable legislation and regulation, including internal policies, rules, practices and procedures.  Indeed, the ambit of this compliance also extends to the additional governance demands placed upon the organisation by its key stakeholders, not least also those of their suppliers.  Interestingly, internal auditors -- who are often described as the organisation’s critical friend when dealing with the organisation’s risk management -- have recently witnessed a renewed focus of their own International Professional Practices Framework (‘IPPF’), published by the Institute of Internal Auditors (‘IIA’).

Stronger emphasis on independence and ethical standards

Amongst other, the IPPF standards seek to enhance the duties of compliance, including the professional care which is applicable to all internal auditors worldwide.  The IPPF, and the standards which it promotes, was updated with effect from 01 January 2017, and raises amongst other criteria, the ethical obligations of internal auditors.  The IPPF standards require internal auditors to meet the responsibilities expected of them vis-à-vis their internal audit activities, such that these responsibilities are executed in a uniform manner and in the best interests of the organisations which have employed them, either as employees or as insourced contractors.

Core principles set out in the IPPF, as well as its code of ethics, require mandatory conformance from internal auditors.  Furthermore, they entail fundamental and evolved principles and expect the values of integrity, competence, confidentiality and objectivity to be exercised by internal auditors, as well as considerations of proactivity in the interests of being future focused and insightful.  An area of focus in the IPPF is the requirement of independence, and it is this quality, in particular, which emphasizes a tone similar to many of the recent regulatory developments that focus on ethical businesses and the challenges their leaders face.


Indeed, where external auditors are concerned, independence has been reiterated in the recent requirement of Mandatory Audit Firm Rotation (‘MAFR’) which requires that an audit firm cannot serve a public interest entity for more than ten (10) consecutive financial years.  After such time, the audit firm will only be eligible for reappointment after at least five (5) financial years has lapsed.

While auditors are performing the tasks which their daily work requires of them, complying with local and international rules and standards, as well as applicable legislation; they are also required to proactively report irregularities within their professions to the appropriate authorities.

“With South Africa being in a perfect storm of political uncertainty, an adverse economic climate, social unrest, credit ratings downgrades and increasing inequality, it is more urgent than ever that the leaders in organisations ensure that good governance principles are adhered to, chief among those is building an ethical culture. This of course means that internal auditors should be more vigilant and ensure that their audit plans are crafted to put the spotlight on the important issues that lead to well governed organisations.”

Corporate Governance Index 2017
Institute of Internal Auditors, South Africa

In addition to the Companies Act, 2008 and the Auditing Profession Act, 2005, which set out irregularity reporting requirements, recent ethical requirements and guidance for responding to Non-Compliance with Laws and Regulations (‘NOCLAR’) by members of the accounting profession have also been published.  These ethical requirements establish a comprehensive response framework that guide chartered accountants in terms of the factors to consider and the steps to be taken when they become aware of NOCLAR or suspected NOCLAR.  The purpose of the NOCLAR guidelines is to promote the principles of integrity and professional behaviour and to alert clients (or employing organisations) of any non-compliance in order for it to be properly and timeously addressed.  Clearly, it is in this regard that NOCLAR also has direct relevance and implied consequences for auditors who carry the accounting qualification.

Complete governance and ethical oversight

Since the board holds ultimate accountability to stakeholders for the ethical and effective leadership of an organisation, it needs to have a full and thorough grasp of all of the applicable new standards, guidelines, codes and laws which are published within the local and international regulatory environment and, even more importantly, must know at any given time how their organisation, as well as their service-providers (such as their internal and external auditors) are responding to and complying with them.  Directors can be called on by key stakeholders at any point in time to give an account of the manner in which their organisations are being governed.  As such, organisations need to be transparent in their business and transparent in their reporting.

But how is this transparency achieved in the complex, fast-paced and globalised business environment, where operational and strategic risks compound the financial, non-financial and regulatory risks which organisations face?  Simply put, directors need to be in possession of an overarching view of all the governance components within their organisations, including the extent to which these components are being managed, monitored and controlled.  A well-considered and tailored Corporate Governance Framework® will provide this view by giving directors better oversight of -- and insight into -- the organisations that they lead.

Through an integrated risk and opportunity management system such as the Corporate Governance Framework® -- which facilitates transparency and information sharing -- directors will be able to properly identify areas within the organisation that require attention.  From here, various risks can be prioritized and then followed by the necessary corrective actions to mitigate the risks and / or even exploit the opportunities arising from the risks, as the case may be.

For example, by using the Corporate Governance Framework®, the board will be able to quickly and accurately determine the extent to which internal auditors have fulfilled their operational and ethical mandates as required by relevant policies, procedures, rules, laws, standards and guidelines, and will be able to keep assessing whether the risk appetite and tolerance levels -- which are set by the board -- are being complied with by the organisation.  Any irregularity in reporting requirements will be flagged, and the fact that there is a requirement to report such irregularities will be clear.  A Corporate Governance Framework® will give directors, including their internal auditors, a high-level view of the extent to which enterprise-wide risk is addressed, as well as the manner in which organisational policies with respect to internal and external auditing have been complied with.

Combined assurance

In terms of Principle 15 of the King IV Code on Corporate Governance for South Africa, 2016™ (‘King IV™’), “The governing body should ensure that assurance services and functions enable an effective control environment and that these support the integrity of information for internal decision-making and of the organisation’s external reports.”  This requires a combined assurance approach to the management of the effectiveness and integrity of internal controls and information used for reporting and decision-making.

A Corporate Governance Framework® forms part of the first, third and fifth lines of defence in a combined assurance model.  The governance framework can be used to confirm to the board, including internal audit members (amongst other key users), the level of governance assurance associated with each important component of the organisation’s business.  Armed with this information, the board will be better positioned to take decisive action to address high, medium or low risk areas of the business.  Such action may include, but is not limited to forensic audits, extended internal audits, and revised operating procedures and policies.

“Effective coordination and alignment of a range of assurance providers is essential for a board or supervisory committee to have adequate oversight of the organisation’s governance.”

The Institute of Internal Auditors Research Foundation (IIARF)

Notably, the level of transparency required by the organisation’s key stakeholders is underpinned by the use of a Corporate Governance Framework®.  The board of directors, backed by their internal auditors who are also responsible for complying with the IPPF standards, may find additional solace with the insights provided by such a governance framework.  Accordingly, both parties should be in a much better position to provide more accurate, relevant and realistic reports on the governance performance of their organisation, for which they are accountable.  Indeed, these proactive measures taken by the board and the internal auditors, will go a long way to addressing some of the core IPPF requirements, namely the importance of the objectivity, independence and accountability of internal auditors.  As organisations improve their governance measures, stakeholders can expect to see reduced levels of corporate collapses, fewer ethical failures, including reduced inaccurate reporting and financial instability which are currently so rife in business.


Words: 1,696

For further information contact:

CGF Research Institute (Pty) Ltd 
Terrance M. Booysen (Chief Executive Officer) 
Tel: +27 (0)11 476 8264 | Cell: +27 (0)82 373 2249 

Institute of Internal Auditors, South Africa
Dr Claudelle von Eck (Chief Executive Officer)
Tel: +27 (0)11 450 1040


Follow CGF on Twitter: @CGFResearch

Click below to

Attached Files

Comments are closed.

Showing 3 Comments


FeliciaSanborn    11 months ago

FeliciaSanborn    11 months ago

xpect to see reduced levels of corporate collapses, best restaurants near me open now fewer ethical failures, including reduced inaccurate reporting and financial instability

FeliciaSanborn    11 months ago

As organisations improve their governance measures, <a href="">best asian food near me</a> stakeholders can expect to see reduced levels of corporate collapses, fewer ethical failures, including reduced inaccurate reporting and financial instability which are currently so rife in business.